MPG_A and MPG_B exist in the same domain.
MPG_A needs to call MPG_B.
This will likely be HTTP.
What addressing scheme should MPG_A use when making the call to ensure the traffic stays on the appliance and does not go out onto the network only to turn around and come back to the same appliance? If we create a Host Alias that references the appliance's IP address, would that guarantee a send to the Host Alias name stays on the appliance?
What should the Front Side Handler in MPG_B do to ensure it only accepts traffic from inside the appliance? From only inside this Domain?
Configuring the HTTP Front Side Handler to use an Access Control List with the IP address of the appliance seems like an option, but we would have to configure that uniquely on every appliance. Is there any way to make this work using Host Aliases? To further restrict it to the parent Domain?
We want to stay on the appliance between MPG_A and MPG_B for performance reasons.
Additionally, if we know A to B stays on the appliance and B only accepts traffic from on the appliance, we could consider not using TLS between A and B to save complexity, ongoing cert management and performance overhead for encryption. Yes, yes, yes, we already do all this all over the place for traffic arriving or leaving the appliance. But for use cases like this where we could ensure traffic stays on the appliance between 2 MPGs in the same domain, is it crazy to consider using HTTP and not HTTPS, just for this hop between MPG_A and MPG_B in the same Domain on the same appliance?
------------------------------
Peter Potkay
Windsor CT
------------------------------